Red Hat and CoreOS’s relationship began many years ago as open source collaborators developing some of the key innovations in containers and distributed systems, making automated operations a reality. Since that time, we have both become leaders in the communities that are driving these innovations, including Kubernetes, the Open Container Initiative (OCI) and the Cloud Native Computing Foundation (CNCF). Today Red Hat announced it has signed a definitive agreement to acquire CoreOS. By joining Red Hat, I believe we will make these important technologies ubiquitous in business and the world.

New releases of Container Linux addressing the Meltdown attack, caused by vulnerabilities in many modern processors, are now available in all three Container Linux release channels: Alpha 1649.0.0, Beta 1632.1.0, and Stable 1576.5.0. Updates are rolling out to the Alpha and Beta channels now, and should complete over the next 24-48 hours. By default, Container Linux will apply these updates automatically, but systems with non-default configurations should be manually updated as soon as possible.

A recent information disclosure vulnerability (CVE-2018-5256) was found and addressed in Tectonic, which affects versions 1.7 through 1.8. Unauthenticated users were able to list all Namespaces through the Console. In 1.8, which finalized the transition from Third Party Resources (TPRs) to Custom Resource Definitions (CRDs), the ability to list all CRDs was affected by the same bug. The intention of this API endpoint is to enable listing all namespaces by logged-in users.

Today we're proud to announce Tectonic 1.8, the latest release of our enterprise-ready Kubernetes platform, is now available. This version, which we announced ahead of KubeCon + CloudNativeCon North America earlier this month, is the first to ship with a catalog of industry-first Open Cloud Services that enable users to deploy key infrastructure components with the ease of managed cloud vendor offerings but without cloud vendor lock-in.

Today we're happy to announce that Tectonic 1.8, the forthcoming release of our world-class enterprise Kubernetes platform, will ship with a catalog of industry-first Open Cloud Services. Open Cloud Services enable enterprises to deploy key infrastructure components with the ease and efficiency they've come to expect from public cloud providers, while avoiding cloud provider lock-in.

Kubernetes makes management of complex environments easy, but to ensure availability it's crucial to have operational insight into the Kubernetes components and all applications running on the cluster. At CoreOS, we believe monitoring is the backbone of a good production environment, which is why we are investing in development of the Prometheus monitoring system. A project hosted by the Cloud Native Computing Foundation (CNCF), Prometheus has rapidly gained popularity for infrastructure and application monitoring alike, and today it's taking its next step forward.

Tectonic 1.7.5 has arrived, and this release is all about monitoring. Container-based infrastructure is highly dynamic, which is great for agility, but enterprise-ready Kubernetes means having the right tools in place to monitor your clusters and respond quickly when problems arise. That's what Tectonic delivers.

Security researchers have recently discovered multiple remotely exploitable vulnerabilities affecting all users of Kubernetes 1.5.0 through 1.7.6. While the risk of an attacker successfully exploiting these flaws is relatively low, the vulnerabilities could potentially allow arbitrary code execution or DoS attacks and thus demand immediate attention. CoreOS Tectonic users can be assured, however, that patches are now available and can be applied with a single click or automatically, if configured.

Today, along with the rest of the Kubernetes community, we’re cheering the release of Kubernetes 1.8. The momentum within the community continues to grow as organizations embrace Kubernetes as the leading platform for container orchestration, and this release continues the Kubernetes community's commitment to security and extensibility with work on stabilizing existing features, even as new ones are added.